Nomisec Exploits

22,796 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-44765 NOMISEC MEDIUM
Concrete CMS 8.5.12 and below, 9.0-9.2.1 - Stored Cross-Site Scripting via Plural Handle of Data Objects
A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings.
by sromanhu
CVSS 5.4
CVE-2023-32560 NOMISEC CRITICAL
Ivanti Avalanche < 6.4.1 - Remote Code Execution via Crafted Message
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.
by x0rb3l
CVSS 9.8
CVE-2023-44760 NOMISEC MEDIUM
Concrete CMS 9.2.1 - Stored Cross-Site Scripting in SEO & Statistics Tracking Codes
Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an admin, and allowing an admin to place JavaScript there is an intentional customization feature. Also, the exploitation method claimed by "sromanhu" does not provide any access to a Concrete CMS session, because the Concrete CMS session cookie is configured as HttpOnly.
by sromanhu
CVSS 4.8
CVE-2023-44758 NOMISEC MEDIUM
GDidees CMS 3.0 - Stored Cross-Site Scripting via Page Title
GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title.
by sromanhu
CVSS 5.4
CVE-2019-11932 NOMISEC HIGH
WhatsApp < 2.19.244 - Remote Code Execution via GIF Image Parsing
A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.
by tucommenceapousser
1 stars
CVSS 8.8
CVE-2023-2523 NOMISEC HIGH
Weaver E-Office 9.5 - Unrestricted Upload of File with Dangerous Type via upload_quwan Parameter
A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228014 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
by Any3ite
1 stars
CVSS 7.3
CVE-2019-11932 NOMISEC HIGH
WhatsApp < 2.19.244 - Remote Code Execution via GIF Image Parsing
A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.
by tucommenceapousser
1 stars
CVSS 8.8
CVE-2023-20887 NOMISEC CRITICAL
VMWare Aria Operations for Networks (vRealize Network Insight) pre-authenticated RCE
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.
by Malwareman007
8 stars
CVSS 9.8
CVE-2023-36844 NOMISEC MEDIUM
Juniper Networks Junos OS on EX Series <20.4R3-S9 - PHP External Variable Modification
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.
by r3dcl1ff
5 stars
CVSS 5.3
CVE-2023-4281 NOMISEC MEDIUM
Activity Log WP <2.8.8 - Info Disclosure
This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.
by b0marek
CVSS 5.3
CVE-2023-4800 NOMISEC MEDIUM
DoLogin Security WP <3.7.1 - Info Disclosure
The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged users.
by b0marek
CVSS 6.5
CVE-2023-4549 NOMISEC MEDIUM
DoLogin Security WordPress plugin < 3.7 - Stored Cross-Site Scripting via X-Forwarded-For Header
The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form.
by b0marek
CVSS 6.1
CVE-2023-4294 NOMISEC MEDIUM
URL Shortify < 1.7.6 - Unauthenticated Stored Cross-Site Scripting via Referer Header
The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link.
by b0marek
CVSS 6.1
CVE-2023-4631 NOMISEC MEDIUM
DoLogin Security WP <3.7 - Info Disclosure
The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing.
by b0marek
CVSS 5.3
CVE-2023-4279 NOMISEC HIGH
User Activity Log <1.6.7 - Info Disclosure
This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.
by b0marek
CVSS 7.5
CVE-2023-0157 NOMISEC MEDIUM
All-In-One Security WordPress Plugin < 5.1.5 - Stored Cross-Site Scripting via Log File Content
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant bogus log files containing malicious JavaScript code that will be executed in the context of any administrator visiting this page.
by b0marek
CVSS 4.8
CVE-2023-0156 NOMISEC MEDIUM
AIOS WordPress <5.1.5 - Info Disclosure
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in it's settings pages, allowing an authorized user (admin+) to view the contents of arbitrary files and list directories anywhere on the server (to which the web server has access). The plugin only displays the last 50 lines of the file.
by b0marek
CVSS 4.9
CVE-2023-42426 NOMISEC MEDIUM
Froala Editor 4.1.1 - Stored Cross-Site Scripting via Insert Link Parameter
Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component.
by b0marek
CVSS 6.1
CVE-2023-31419 NOMISEC MEDIUM
Elasticsearch 7.0.0-7.17.12 - Denial of Service via _search API Query String
A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.
by sqrtZeroKnowledge
18 stars
CVSS 6.5
CVE-2023-44061 NOMISEC HIGH
Simple and Nice Shopping Cart Script <1.0 - RCE
File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component.
by SoundarXploit
CVSS 8.8
CVE-2023-41575 NOMISEC MEDIUM
Blood Bank & Donor Management v2.2 - XSS
Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name, Message, or Address parameters.
by SoundarXploit
CVSS 5.4
CVE-2023-43154 NOMISEC CRITICAL
Macs CMS 1.1.4f - Authentication Bypass via PHP Type Confusion in isValidLogin()
In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in "isValidLogin()" function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account.
by ally-petitt
CVSS 9.8
CVE-2022-34753 NOMISEC HIGH
SpaceLogic C-Bus Home Controller < 1.31.460 - OS Command Injection
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote root exploit when the command is compromised. Affected Products: SpaceLogic C-Bus Home Controller (5200WHC2), formerly known as C-Bus Wiser Homer Controller MK2 (V1.31.460 and prior)
by K3ysTr0K3R
1 stars
CVSS 8.8
CVE-2023-44767 NOMISEC MEDIUM
RiteCMS 3.0 - Stored Cross-Site Scripting via SVG File Upload
A File upload vulnerability in RiteCMS 3.0 allows a local attacker to upload a SVG file with XSS content.
by sromanhu
CVSS 4.8
CVE-2023-43879 NOMISEC MEDIUM
RiteCMS 3.0 - Stored Cross-Site Scripting in Global Content Blocks
Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu.
by sromanhu
CVSS 4.8